The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2255-1 advisory.

    Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its     sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used     to escalate privileges. (CVE-2013-6433)

    Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly     perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote     authenticated attacker could exploit this to prevent application of additional rules. (CVE-2014-0187)

    Thiago Martins discovered that OpenStack Neutron would inappropriately apply SNAT rules to IPv6 subnets     when using the L3-agent. A remote authenticated attacker could exploit this to prevent floating IPv4     addresses from being attached throughout the cloud. (CVE-2014-4167)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS : OpenStack Neutron vulnerabilities (USN-2255-1)

high Nessus Plugin ID 76250

Version 1.10